Telecoms Move Toward Predictive Security Intelligence
Telecom facilities are home to a number of critical and highly valuable assets, and given the sensitive nature of a large number of these locations, it’s vital that telecoms be able to recognize potential threats as soon as possible. Additionally, a number of mergers and acquisitions within the telecom industry have shined a light on the need for future-proof solutions that offer the flexibility of incorporating multiple systems from multiple manufacturers to facilitate growth without requiring costly rip-and-replace projects.
These factors highlight telecoms’ need for strong physical access and identity management to enhance overall security, which has traditionally been reactive in nature, enabling response to issues or events after they have occurred. Unfortunately, by that time, any negative impact has already been felt. And while there has been significant progress with integrating a variety of systems to establish more robust security platforms, until now there has been little progress integrating operations systems like vendor/contractor management, visitor management, HR, compliance and others. As a result, there have been a number of security breaches for which enough relevant data had been stored within multiple disparate systems and sources to warn of a possible risk; however, with no way to extrapolate actionable intelligence from that data, the risk went undetected until it was too late.
This occurs because simply collecting and organizing the vast quantity of security- and incident-related data is a major challenge for telecoms. And that doesn’t include the monumental task of analyzing that data and applying the resulting intelligence to make smart decisions. Until now, the amount of available data has proven too great for organizations to utilize properly, and without a comprehensive approach to collecting and analyzing all this data, organizations’ security processes begin to break down. That’s just not acceptable for telecoms.
New Physical Identity Access Management (PIAM) solutions with predictive capabilities can address these needs by helping telecoms manage multiple identity types for employees, contractors, visitors and others, while simultaneously identifying abnormalities in behaviors and events to alert security and management to potential problems. Capable of being deployed across an enterprise, PIAM solutions create a holistic, auditable environment that provides actionable intelligence enabling a more proactive approach to security.
Predictive solutions collect and analyze data from disparate security and non-security systems, applying operational- and risk-based analytics to the data to provide a clear understanding of security operations and risks. This analysis uncovers indicators of compromise (IOCs) that could signify a potential incident or security risk. Using the actionable intelligence gleaned through this process, telecoms can take proactive steps and potentially prevent an incident or event from occurring. An added benefit is that predictive systems can learn and improve over time and are often able to identify patterns that were never expected or that most likely would not have been uncovered without that level of processing and automation.
PIAM solutions employ metrics to paint a picture of what “normal” looks like, and from there create useful information out of mountains of data. For example, determining the effectiveness of security and operational policies might require a telecom to know how many visitors enter a facility at certain times, how long it takes to process them and how that affects meeting start times. Combining these metrics allows lobby staffing levels to be adjusted accordingly. For operations, the length of time needed for new hires to receive access approval can identify areas where automation would deliver the highest ROI.
Insider threat is an increasingly prevalent concern for telecoms and other organizations, but it can be difficult to understand and predict given the complex psychology behind it. Predictive analysis can overcome this challenge by creating a profile for each person’s access, time of employment, time since their last access audit, background check or other mitigation control to determine an individual’s inherent risk to a telecom. A triggering event, such as a bad performance review or missed promotion, might increase the possibility of an insider breach and generate an initial red flag about that person’s potential rising threat. The profile is further augmented with patterns of behavior in the various security systems – perhaps this person is now trying to access a new, higher-security location or coming in at odd hours. When you are able to look at multiple indicators of compromise from numerous sources, it allows you to get a more complete picture of what is happening with that particular identity and what actions to take.
These varying types of data provide different perspectives that, when combined, can be used to proactively reduce potential risk and improve understanding. Access audits can be focused on individuals with high scores in multiple areas, including high levels of access, and can also be used to remove unused and/or unnecessary access privileges.
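The profile-and-indicator approach described above can be sketched in a few lines. This is an added example, not code from any PIAM product; the weights, thresholds, field names and sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Profile:
    name: str
    access_level: int        # 1 = lobby ... 5 = core network rooms (assumed scale)
    days_since_audit: int    # time since the last access audit
    hr_trigger: bool         # e.g. bad performance review, missed promotion
    usual_hours: range       # baseline badge-in hours
    usual_zones: dict        # zone -> security level seen in the baseline

def inherent(p):
    # Standing access plus staleness of the last audit (capped at 360 days).
    return p.access_level * 10 + min(p.days_since_audit, 360) // 90 * 5

def behaviour(p, events):
    # events: (timestamp, zone, zone_level) badge reads for this identity
    ceiling = max(p.usual_zones.values())
    hits = []
    for ts, zone, level in events:
        if ts.hour not in p.usual_hours:
            hits.append(("odd_hours", zone, ts))
        if zone not in p.usual_zones and level > ceiling:
            hits.append(("new_higher_zone", zone, ts))
    return hits

def assess(p, events):
    hits = behaviour(p, events)
    areas = {"inherent": inherent(p) >= 40,
             "hr_event": p.hr_trigger,
             "behaviour": len(hits) >= 2}
    score = inherent(p) + 15 * p.hr_trigger + min(len(hits), 3) * 10
    # Queue an audit only when independent sources agree, not on one signal.
    return {"name": p.name, "score": score, "hits": hits,
            "audit": sum(areas.values()) >= 2}

# Constructed sample data: two technicians with the same standing access.
PEOPLE = [
    Profile("tech-a", 4, 400, True, range(7, 19), {"noc": 3, "office": 1}),
    Profile("tech-b", 4, 30, False, range(7, 19), {"noc": 3, "office": 1}),
]
EVENTS = {
    "tech-a": [(datetime(2024, 3, 4, 2, 10), "core-switch-room", 5),
               (datetime(2024, 3, 5, 9, 0), "noc", 3)],
    "tech-b": [(datetime(2024, 3, 4, 23, 30), "noc", 3)],
}

def audit_queue():
    results = [assess(p, EVENTS[p.name]) for p in PEOPLE]
    return sorted(results, key=lambda r: r["score"], reverse=True)
```

Both identities hold the same access level, but only the one with a stale audit, an HR trigger and two behavioural anomalies is queued for an access audit; a single late badge-in on its own is not.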
Technology with predictive capabilities also enforces access- and physical-security-related compliance with government and other regulations and standards, and allows telecoms to demonstrate compliance more easily using a single automated policy and reporting infrastructure.
Because PIAM solutions not only collect but also analyze massive amounts of data, identifying connections between data and events that may or may not be obvious, they can increase security and also allow telecoms to find novel applications for the resulting intelligence as part of their day-to-day operations, identifying potential opportunities to streamline and improve security and business processes. Simply put, PIAM solutions provide actionable intelligence to give telecoms the power to proactively guard against potential incidents or breaches, strengthen identity management and improve inefficient and error-prone processes.